We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less.

By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles.

AWS Announces CISPE Membership and Compliance with First-Ever Code of Conduct for Data Protection in the Cloud

In order to show AWS’s continued commitment to ensuring that customers can comply with EU Data Protection requirements when using our services. Amazon announced they joined the CISPE (Cloud Infrastructure Services Providers in Europe) and announced compliance with their code of conduct on several services they offer through AWS.

Please note that it does not include all AWS services yet: EC2 (servers), S3 (file storage), RDS (databases), IAM (Access management), Cloudtrail (logging) and EBS (storage space "for rapidly moving "dynamic" data such as operating system files, databases, etc) are in the scope for now.

A rash of invisible, fileless malware is infecting banks around the globe

Fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. Those malwares evade detection by reducing or eliminating the storage of any binaries on disk and instead hides its code in the registry of a compromised host

The researchers don't yet know how the malware initially takes hold. Possible vectors include SQL-injection attacks and exploits targeting plugins for the WordPress content management application. This is a good reminder that Antivirus is not a silver bullet that can anihilate any threats. It is important for IT administrators, developers and end users stay aware of the risks and act responsibily.

Phishing: Malware distributors are switching to less suspicious file types

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users. Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. Those files had malicious PowerShell scripts attached to them.

In the recent campaign seen by Microsoft, the malicious LNK files contained a PowerShell script that downloaded and installed the Kovter click fraud trojan. Another file type used to distribute malware in recent months has been SVG (Scalable Vector Graphics). While many people correctly associate .SVG files with images, it's a little-known fact that such files can actually contain JavaScript.

Lately, Bruce Schneier, a well-known cybersecurity expert, has been collecting IoT security and privacy guidelines. He posted everything he has found on the subject on his blog.

They all largely say the same things: avoid known vulnerabilities, don't have insecure defaults, make your systems patchable, and so on. He is guessing that regulation on the subject is coming soon and vendors must get ready for their upcoming products.

Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.